Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/me0Tn5M89U7bAS_skRfEsVfQhTU.roa
File:                     me0Tn5M89U7bAS_skRfEsVfQhTU.roa (raw, json)
Hash identifier:          L2BUA7tzgbFNuUh5CdmgK+pJMFK8RYHMzg6wrPC5J+Y=
Subject key identifier:   99:ED:13:9F:93:3C:F5:4E:DB:01:2F:EC:91:17:C4:B1:57:D0:85:35
Certificate issuer:       /CN=4dc391dc615fd4a3ad10c0f2ab8b0a506d039ed8
Certificate serial:       018CC6B92C4FF21E02F6B7A6E9EE9E955394
Authority key identifier: 4D:C3:91:DC:61:5F:D4:A3:AD:10:C0:F2:AB:8B:0A:50:6D:03:9E:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/me0Tn5M89U7bAS_skRfEsVfQhTU.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        185.117.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2c:4f:f2:1e:02:f6:b7:a6:e9:ee:9e:95:53:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dc391dc615fd4a3ad10c0f2ab8b0a506d039ed8
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99ed139f933cf54edb012fec9117c4b157d08535
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ed:5c:2d:b0:cd:74:c3:c5:9b:ac:a5:8e:66:
                    09:2f:9e:49:0b:97:d8:d9:2f:97:7b:a0:16:3a:da:
                    34:e9:fc:83:ea:27:cc:fe:aa:3a:af:fb:96:01:5b:
                    c8:e7:e3:5f:3b:7d:cf:fc:63:64:a8:3c:5f:fa:22:
                    4d:3f:8f:9e:a2:79:10:42:4c:e2:12:02:2c:ae:51:
                    b8:ca:62:88:ef:79:fc:57:a7:fc:61:e5:cd:ce:d4:
                    52:5d:94:a0:b2:c4:5e:86:06:79:a0:cc:18:05:39:
                    61:d0:29:22:13:c1:fc:89:a5:33:36:c8:bd:f2:ad:
                    4d:cc:e4:be:8a:da:33:8c:69:2c:83:5e:2f:d3:90:
                    92:72:a6:35:d5:4a:db:a0:9c:16:ef:f5:b1:d7:8c:
                    bf:d9:ac:cf:0f:68:5e:77:af:d5:d6:bc:07:63:70:
                    ef:04:fd:d9:c0:38:b6:9e:99:d8:15:85:3e:13:b6:
                    57:6b:60:e9:a1:df:7c:99:ac:86:d1:30:87:d7:6a:
                    54:d5:41:0e:0f:9b:2f:94:a9:fe:45:ec:fc:d7:bb:
                    52:39:e5:32:99:6a:e4:40:43:c0:8d:25:e1:5d:9c:
                    05:87:f6:60:45:24:83:0f:16:b0:1c:3f:6e:57:38:
                    38:db:85:fb:32:6a:82:5e:07:a9:71:dd:2a:9b:52:
                    5c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:ED:13:9F:93:3C:F5:4E:DB:01:2F:EC:91:17:C4:B1:57:D0:85:35
            X509v3 Authority Key Identifier:
                keyid:4D:C3:91:DC:61:5F:D4:A3:AD:10:C0:F2:AB:8B:0A:50:6D:03:9E:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/me0Tn5M89U7bAS_skRfEsVfQhTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:e5:cc:fd:b2:9b:fc:13:5c:14:23:df:7a:41:30:91:39:0c:
         15:28:ce:6c:88:ba:22:78:20:0b:f1:5a:6b:4d:c0:38:07:2d:
         2d:c8:39:87:fc:82:b2:cb:77:a2:78:ae:a0:7f:11:a7:9e:80:
         b8:f6:70:06:da:ea:cd:45:7c:a8:e1:23:9c:2c:fc:2a:cb:75:
         27:a4:77:42:b2:74:7b:1d:bd:d4:af:fc:d8:4a:ab:e9:b9:5f:
         eb:fb:9c:da:68:30:c0:c4:f4:29:05:96:87:07:ac:69:fa:8e:
         8d:0f:c6:f5:22:0e:36:ec:cf:7d:c4:39:1c:ae:23:fe:5f:f9:
         5c:6d:56:62:87:e1:43:55:98:0f:50:f7:83:bc:fc:6e:fc:85:
         39:91:3e:12:a2:53:60:d9:06:15:10:91:06:1c:f5:23:3e:0c:
         19:c5:04:c7:7a:02:ca:b4:2b:b5:78:2f:f9:0f:03:10:e5:93:
         5d:62:25:a8:28:c8:99:bb:8c:29:e4:81:bd:3f:7b:d4:72:b6:
         83:80:97:a1:4f:9f:69:ed:ab:76:81:0d:a9:7d:d1:d8:59:7a:
         26:ab:03:b0:31:42:57:21:30:71:cd:18:ec:c8:54:49:0c:41:
         9b:08:3c:2a:d5:eb:c8:cc:9c:fe:07:c0:19:c3:b9:6c:c8:e3:
         74:6a:ca:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSxP8h4C9rem6e6elVOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYzM5MWRjNjE1ZmQ0YTNhZDEwYzBmMmFiOGIwYTUwNmQw
MzllZDgwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWVkMTM5ZjkzM2NmNTRlZGIwMTJmZWM5MTE3YzRiMTU3ZDA4NTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve1cLbDNdMPFm6yljmYJL55JC5fY
2S+Xe6AWOto06fyD6ifM/qo6r/uWAVvI5+NfO33P/GNkqDxf+iJNP4+eonkQQkzi
EgIsrlG4ymKI73n8V6f8YeXNztRSXZSgssRehgZ5oMwYBTlh0CkiE8H8iaUzNsi9
8q1NzOS+itozjGksg14v05CScqY11UrboJwW7/Wx14y/2azPD2hed6/V1rwHY3Dv
BP3ZwDi2npnYFYU+E7ZXa2Dpod98mayG0TCH12pU1UEOD5svlKn+Rez817tSOeUy
mWrkQEPAjSXhXZwFh/ZgRSSDDxawHD9uVzg424X7MmqCXgepcd0qm1JcJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJntE5+TPPVO2wEv7JEXxLFX0IU1MB8GA1UdIwQY
MBaAFE3DkdxhX9SjrRDA8quLClBtA57YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGNPUjNHRmYxS090RU1EeXE0c0tVRzBEbnRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9kNjZhNTgtZmRmNS00OTFlLWI1MTEt
ZmQyOTE1ZDRjZDVhLzEvbWUwVG41TTg5VTdiQVNfc2tSZkVzVmZRaFRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9kNjZhNTgtZmRmNS00OTFlLWI1MTEtZmQyOTE1ZDRjZDVh
LzEvVGNPUjNHRmYxS090RU1EeXE0c0tVRzBEbnRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXXmMA0G
CSqGSIb3DQEBCwUAA4IBAQAK5cz9spv8E1wUI996QTCROQwVKM5siLoieCAL8Vpr
TcA4By0tyDmH/IKyy3eieK6gfxGnnoC49nAG2urNRXyo4SOcLPwqy3UnpHdCsnR7
Hb3Ur/zYSqvpuV/r+5zaaDDAxPQpBZaHB6xp+o6ND8b1Ig427M99xDkcriP+X/lc
bVZih+FDVZgPUPeDvPxu/IU5kT4SolNg2QYVEJEGHPUjPgwZxQTHegLKtCu1eC/5
DwMQ5ZNdYiWoKMiZu4wp5IG9P3vUcraDgJehT59p7at2gQ2pfdHYWXomqwOwMUJX
ITBxzRjsyFRJDEGbCDwq1evIzJz+B8AZw7lsyON0asrv
-----END CERTIFICATE-----